libre-chip/subscribe-list
3
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

getting email from gitlab works

Browse source
This commit is contained in:
Jacob Lifshay 2024-04-08 04:52:06 -07:00
parent 5eabc89280
commit 7527459446
Signed by: programmerjake
SSH key fingerprint: SHA256:B1iRVvUJkvd7upMIiMqn6OyxvD2SgJkAH3ZnUOj6z+c
6 changed files with 257 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

172
Cargo.lock generated
View file

@ -887,6 +887,29 @@ dependencies = [
"cfg-if", "cfg-if",
] ]
[[package]]
name = "env_filter"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a009aa4810eb158359dda09d0c87378e4bbb89b5a801f016885a4707ba24f7ea"
dependencies = [
"log",
"regex",
]
[[package]]
name = "env_logger"
version = "0.11.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "38b35839ba51819680ba087cd351788c9a3c476841207e0b8cee0b04722343b9"
dependencies = [
"anstream",
"anstyle",
"env_filter",
"humantime",
"log",
]
[[package]] [[package]]
name = "equivalent" name = "equivalent"
version = "1.0.1" version = "1.0.1"
@ -951,6 +974,21 @@ version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
dependencies = [
"foreign-types-shared",
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
[[package]] [[package]]
name = "form_urlencoded" name = "form_urlencoded"
version = "1.2.1" version = "1.2.1"
@ -1201,6 +1239,12 @@ version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"
[[package]]
name = "humantime"
version = "2.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
[[package]] [[package]]
name = "hyper" name = "hyper"
version = "0.14.28" version = "0.14.28"
@ -1239,6 +1283,19 @@ dependencies = [
"tokio-rustls", "tokio-rustls",
] ]
[[package]]
name = "hyper-tls"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
dependencies = [
"bytes",
"hyper",
"native-tls",
"tokio",
"tokio-native-tls",
]
[[package]] [[package]]
name = "iana-time-zone" name = "iana-time-zone"
version = "0.1.60" version = "0.1.60"
@ -1475,6 +1532,24 @@ dependencies = [
"windows-sys 0.48.0", "windows-sys 0.48.0",
] ]
[[package]]
name = "native-tls"
version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e"
dependencies = [
"lazy_static",
"libc",
"log",
"openssl",
"openssl-probe",
"openssl-sys",
"schannel",
"security-framework",
"security-framework-sys",
"tempfile",
]
[[package]] [[package]]
name = "num-bigint-dig" name = "num-bigint-dig"
version = "0.8.4" version = "0.8.4"
@ -1611,6 +1686,50 @@ dependencies = [
"url", "url",
] ]
[[package]]
name = "openssl"
version = "0.10.64"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f"
dependencies = [
"bitflags 2.5.0",
"cfg-if",
"foreign-types",
"libc",
"once_cell",
"openssl-macros",
"openssl-sys",
]
[[package]]
name = "openssl-macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.58",
]
[[package]]
name = "openssl-probe"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
[[package]]
name = "openssl-sys"
version = "0.9.102"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]] [[package]]
name = "ordered-float" name = "ordered-float"
version = "2.10.1" version = "2.10.1"
@ -1874,10 +1993,12 @@ dependencies = [
"http-body", "http-body",
"hyper", "hyper",
"hyper-rustls", "hyper-rustls",
"hyper-tls",
"ipnet", "ipnet",
"js-sys", "js-sys",
"log", "log",
"mime", "mime",
"native-tls",
"once_cell", "once_cell",
"percent-encoding", "percent-encoding",
"pin-project-lite", "pin-project-lite",
@ -1889,6 +2010,7 @@ dependencies = [
"sync_wrapper", "sync_wrapper",
"system-configuration", "system-configuration",
"tokio", "tokio",
"tokio-native-tls",
"tokio-rustls", "tokio-rustls",
"tower-service", "tower-service",
"url", "url",
@ -2018,6 +2140,15 @@ dependencies = [
"winapi-util", "winapi-util",
] ]
[[package]]
name = "schannel"
version = "0.1.23"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fbc91545643bcf3a0bbb6569265615222618bdf33ce4ffbbd13c4bbd4c093534"
dependencies = [
"windows-sys 0.52.0",
]
[[package]] [[package]]
name = "scopeguard" name = "scopeguard"
version = "1.2.0" version = "1.2.0"
@ -2048,6 +2179,29 @@ dependencies = [
"zeroize", "zeroize",
] ]
[[package]]
name = "security-framework"
version = "2.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "770452e37cad93e0a50d5abc3990d2bc351c36d0328f86cefec2f2fb206eaef6"
dependencies = [
"bitflags 1.3.2",
"core-foundation",
"core-foundation-sys",
"libc",
"security-framework-sys",
]
[[package]]
name = "security-framework-sys"
version = "2.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41f3cc463c0ef97e11c3461a9d3787412d30e8e7eb907c79180c4a57bf7c04ef"
dependencies = [
"core-foundation-sys",
"libc",
]
[[package]] [[package]]
name = "semver" name = "semver"
version = "1.0.22" version = "1.0.22"
@ -2283,12 +2437,14 @@ dependencies = [
"clap", "clap",
"clio", "clio",
"color-eyre", "color-eyre",
"env_logger",
"eyre", "eyre",
"futures", "futures",
"indexmap 2.2.6", "indexmap 2.2.6",
"listenfd", "listenfd",
"log", "log",
"openidconnect", "openidconnect",
"reqwest",
"serde", "serde",
"serde_json", "serde_json",
"tinytemplate", "tinytemplate",
@ -2479,6 +2635,16 @@ dependencies = [
"syn 2.0.58", "syn 2.0.58",
] ]
[[package]]
name = "tokio-native-tls"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
dependencies = [
"native-tls",
"tokio",
]
[[package]] [[package]]
name = "tokio-rustls" name = "tokio-rustls"
version = "0.24.1" version = "0.24.1"
@ -2665,6 +2831,12 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
[[package]]
name = "vcpkg"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]] [[package]]
name = "version_check" name = "version_check"
version = "0.9.4" version = "0.9.4"

2
Cargo.toml
View file

@ -11,12 +11,14 @@ actix-web = { version = "4.5.1", features = ["secure-cookies"] }
clap = { version = "4.5.4", features = ["derive"] } clap = { version = "4.5.4", features = ["derive"] }
clio = { version = "0.3.5", features = ["clap-parse"] } clio = { version = "0.3.5", features = ["clap-parse"] }
color-eyre = "0.6.3" color-eyre = "0.6.3"
env_logger = "0.11.3"
eyre = "0.6.12" eyre = "0.6.12"
futures = "0.3.30" futures = "0.3.30"
indexmap = { version = "2.2.6", features = ["serde"] } indexmap = { version = "2.2.6", features = ["serde"] }
listenfd = "1.0.1" listenfd = "1.0.1"
log = "0.4.21" log = "0.4.21"
openidconnect = "3.5.0" openidconnect = "3.5.0"
reqwest = "0.11.27"
serde = { version = "1.0.197", features = ["derive"] } serde = { version = "1.0.197", features = ["derive"] }
serde_json = "1.0.115" serde_json = "1.0.115"
tinytemplate = "1.2.1" tinytemplate = "1.2.1"

99
src/app.rs
View file

@ -1,22 +1,21 @@
use crate::config::{Config, OIDCProvider, OIDCProviderState}; use crate::{
client::async_http_client,
config::{Config, OIDCProvider},
};
use actix_session::Session; use actix_session::Session;
use actix_web::{ use actix_web::{
cookie::Cookie,
get, get,
http::{ http::header::{ContentType, LOCATION},
header::{ContentType, LOCATION},
uri::PathAndQuery,
StatusCode, Uri,
},
web::{self, ServiceConfig}, web::{self, ServiceConfig},
HttpResponse, HttpResponseBuilder, Responder, HttpResponse, Responder,
}; };
use eyre::{ensure, Context, OptionExt};
use openidconnect::{ use openidconnect::{
core::CoreAuthenticationFlow, http::HeaderValue, reqwest::async_http_client, url::Url, core::{CoreAuthenticationFlow, CoreUserInfoClaims},
AuthorizationCode, CsrfToken, EndUserEmail, Nonce, RedirectUrl, TokenResponse, AuthorizationCode, CsrfToken, EndUserEmail, Nonce, OAuth2TokenResponse,
}; };
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::{borrow::Cow, fmt::Write, marker::PhantomData}; use std::marker::PhantomData;
use tinytemplate::TinyTemplate; use tinytemplate::TinyTemplate;
pub trait DynTemplate { pub trait DynTemplate {
@ -85,6 +84,14 @@ templates! {
pub struct SubscriptionLoggedOutTemplate { pub struct SubscriptionLoggedOutTemplate {
pub providers: Vec<SubscriptionLoggedOutTemplateProviders>, pub providers: Vec<SubscriptionLoggedOutTemplateProviders>,
} }
#[text = r#"<head><title>Subscription</title></head>
<body>
<p>Logged in as {email}</p>
</body>"#]
#[derive(Debug, Serialize)]
pub struct SubscriptionLoggedInTemplate {
pub email: EndUserEmail,
}
} }
pub fn make_templates() -> TinyTemplate<'static> { pub fn make_templates() -> TinyTemplate<'static> {
@ -146,49 +153,42 @@ pub async fn callback(
if SessionState::get(&session).is_some() { if SessionState::get(&session).is_some() {
return resp; return resp;
} }
let Ok(Some(csrf_token)) = session.get::<CsrfToken>(CSRF_TOKEN) else { let body = async {
return resp; let csrf_token = session
}; .get::<CsrfToken>(CSRF_TOKEN)
let Ok(Some(nonce)) = session.get::<Nonce>(NONCE) else { .context("invalid csrf token")?
return resp; .ok_or_eyre("missing csrf token")?;
}; let nonce = session
.get::<Nonce>(NONCE)
.context("invalid nonce")?
.ok_or_eyre("missing nonce")?;
session.remove(CSRF_TOKEN); session.remove(CSRF_TOKEN);
session.remove(NONCE); session.remove(NONCE);
if csrf_token.secret() != query.state.secret() { ensure!(
return resp; csrf_token.secret() == query.state.secret(),
} "csrf token doesn't match"
let Some(provider) = config.oidc.get(&path.0) else { );
return resp; let provider = config.oidc.get(&path.0).ok_or_eyre("unknown provider")?;
}; let token = provider
let token = match provider
.state() .state()
.client .client
.exchange_code(query.into_inner().code) .exchange_code(query.into_inner().code)
.request_async(async_http_client) .request_async(async_http_client)
.await .await?;
{ let user_info: CoreUserInfoClaims = provider
Ok(token) => token, .state()
Err(e) => { .client
log::warn!("Error getting token: {e}"); .user_info(token.access_token().clone(), None)?
return resp; .request_async(async_http_client)
} .await?;
}; let email = user_info.email().ok_or_eyre("no email provided")?.clone();
dbg!(&token);
let claims = match token
.id_token()
.unwrap()
.claims(&provider.state().client.id_token_verifier(), &nonce)
{
Ok(claims) => claims,
Err(e) => {
log::warn!("Error verifying token: {e}");
return resp;
}
};
let Some(email) = claims.email().cloned() else {
return resp;
};
SessionState { email }.set(&session); SessionState { email }.set(&session);
Ok(())
};
let result: eyre::Result<()> = body.await;
if let Err(e) = result {
log::warn!("callback error: {e}");
}
resp resp
} }
@ -227,7 +227,10 @@ pub async fn login(
#[get("/subscription")] #[get("/subscription")]
pub async fn subscription(config: web::Data<Config>, session: Session) -> impl Responder { pub async fn subscription(config: web::Data<Config>, session: Session) -> impl Responder {
if let Some(SessionState { email }) = SessionState::get(&session) { if let Some(SessionState { email }) = SessionState::get(&session) {
todo!() let mut template = SubscriptionLoggedInTemplate { email };
HttpResponse::Ok()
.content_type(ContentType::html())
.body(template.render().expect("rendering can't fail"))
} else { } else {
let mut template = SubscriptionLoggedOutTemplate { providers: vec![] }; let mut template = SubscriptionLoggedOutTemplate { providers: vec![] };
for (name, provider) in config.oidc.iter() { for (name, provider) in config.oidc.iter() {

18
src/client.rs Normal file
View file

@ -0,0 +1,18 @@
use openidconnect::{reqwest::Error, HttpRequest, HttpResponse};
pub async fn async_http_client(
request: HttpRequest,
) -> Result<HttpResponse, Error<reqwest::Error>> {
let method = request.method.clone();
let url = request.url.clone();
log::debug!("making client request: {method} {url}");
let response = match openidconnect::reqwest::async_http_client(request).await {
Ok(v) => v,
Err(e) => return Err(e),
};
log::debug!(
"client request finished with {}: {method} {url}",
response.status_code
);
Ok(response)
}

7
src/config.rs
View file

@ -1,3 +1,4 @@
use crate::client::async_http_client;
use clap::builder::{TryMapValueParser, TypedValueParser, ValueParserFactory}; use clap::builder::{TryMapValueParser, TypedValueParser, ValueParserFactory};
use clio::CachedInput; use clio::CachedInput;
use eyre::Context; use eyre::Context;
@ -66,10 +67,8 @@ impl OIDCProvider {
self.state.as_ref().expect("resolve called by main") self.state.as_ref().expect("resolve called by main")
} }
pub async fn resolve(&mut self) -> eyre::Result<()> { pub async fn resolve(&mut self) -> eyre::Result<()> {
let provider_metadata = CoreProviderMetadata::discover_async( let provider_metadata =
self.issuer_url.clone(), CoreProviderMetadata::discover_async(self.issuer_url.clone(), async_http_client)
openidconnect::reqwest::async_http_client,
)
.await?; .await?;
let client = CoreClient::from_provider_metadata( let client = CoreClient::from_provider_metadata(
provider_metadata.clone(), provider_metadata.clone(),

10
src/main.rs
View file

@ -1,23 +1,22 @@
use crate::cli::{Listen, ListenFdSocket, ListenFdSockets}; use crate::cli::{Listen, ListenFdSocket, ListenFdSockets};
use actix_session::{ use actix_session::{storage::CookieSessionStore, SessionMiddleware};
config::{BrowserSession, SessionMiddlewareBuilder},
storage::CookieSessionStore,
SessionMiddleware,
};
use actix_web::{cookie::Key, web, App, HttpServer}; use actix_web::{cookie::Key, web, App, HttpServer};
use clap::Parser; use clap::Parser;
use listenfd::ListenFd; use listenfd::ListenFd;
mod app; mod app;
mod cli; mod cli;
mod client;
mod config; mod config;
#[tokio::main] #[tokio::main]
async fn main() -> eyre::Result<()> { async fn main() -> eyre::Result<()> {
env_logger::init();
let mut listenfd = ListenFd::from_env(); let mut listenfd = ListenFd::from_env();
color_eyre::install()?; color_eyre::install()?;
let mut args = cli::CLI::parse(); let mut args = cli::CLI::parse();
args.resolve(&mut listenfd).await?; args.resolve(&mut listenfd).await?;
log::info!("retrieved config from auth servers");
let config = web::Data::new(args.config); let config = web::Data::new(args.config);
let cookie_session_key = Key::generate(); let cookie_session_key = Key::generate();
let mut server = HttpServer::new(move || { let mut server = HttpServer::new(move || {
@ -49,6 +48,7 @@ async fn main() -> eyre::Result<()> {
}; };
} }
} }
log::info!("started server");
server.run().await?; server.run().await?;
Ok(()) Ok(())
} }